NeuroNest Consultancy Pty Ltd  Privacy Policy

NeuroNest Consultancy Pty Ltd Privacy Policy Effective date: 1 February 2026 NeuroNest Consultancy Pty Ltd (ABN 16 686 775 413) respects your privacy and is committed to handling personal information responsibly and lawfully. This Privacy Policy explains how we collect, use, store and disclose personal information when you visit our website, make an enquiry, book a service, or engage with us. 1. Who we are and how to contact us NeuroNest Consultancy Pty Ltd QLD 4020, Australia Email: NeuroNestCo@outlook.com Phone: 0494 373 276 Privacy contact: If you have privacy questions or requests, email us at NeuroNestCo@outlook.com . 2. When this policy applies This policy applies to personal information we handle through our website and our services. We operate in Australia and primarily comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If we handle personal information of individuals in New Zealand in the course of carrying on business, we will also take reasonable steps to comply with the New Zealand Privacy Act 2020 and its information privacy principles. 3. What personal information we collect The type of information we collect depends on how you interact with us. It may include: Website and enquiries Name, email address, phone number, and the content of your enquiry Website usage data, such as IP address, device and browser type, pages visited, time and date of visit, and referring pages Service delivery (including NDIS-related work where applicable) Child and family details needed to provide support (for example, date of birth, relevant routines and support needs) Health and wellbeing information where it is necessary to provide services (this is “sensitive information”) Funding and billing details (including plan management details where relevant) Records of services provided (for example, session notes, reports, communications and recommendations) Images and media Photos, video or audio recordings only where you give clear consent (and we will explain how they will be used) We do not aim to collect more information than we need. 4. How we collect personal information We may collect personal information: directly from you (for example, through website forms, email, phone, telehealth sessions, or documents you provide) from third parties you authorise (for example, a plan manager, school, therapist or other professional) through automated website technologies (for example, cookies and analytics tools) 5. Why we collect, use and disclose personal information We collect, use and disclose personal information for purposes such as: responding to enquiries and managing bookings delivering services and supports communicating with you about services coordinating with other professionals or services at your request or with your consent billing, payment, debt recovery, and administering plan-managed arrangements preparing reports and meeting quality, audit, and compliance obligations (including NDIS-related obligations where relevant) managing safety risks and meeting legal obligations, including mandatory reporting where required improving our services, website and resources We do not sell personal information. 6. Consent and sensitive information Sensitive information (including health information) is handled with extra care. We collect and use sensitive information only when: you consent, and it is reasonably necessary for providing services; or it is required or authorised by law. You can withdraw consent at any time by contacting us. If you do, we will tell you what that means in practice (for example, whether we can continue providing services or whether services may be limited). 7. Disclosure to third parties We may disclose personal information to: your authorised representatives (for example, a parent, guardian, or nominated contact) service providers involved in your support, with your consent plan managers for invoicing and payment (where applicable) our professional advisers (for example, accountants or lawyers) on a confidential basis technology providers that support our operations (for example, practice management, telehealth, secure storage, email and website hosting) regulators or government agencies where required or authorised by law, including the NDIS Quality and Safeguards Commission or other authorities 8. Overseas disclosures Some of the technology providers we use (for example website hosting, analytics, email, or video conferencing tools) may store or process data outside Australia or New Zealand. Where we use providers that may involve overseas storage or access, we take reasonable steps to ensure appropriate protections are in place (such as contractual confidentiality, access controls, and security safeguards). Overseas recipients may not be subject to Australian or New Zealand privacy laws. 9. Website cookies, analytics and third-party links Our website may use cookies and similar technologies to help the site function, understand traffic, and improve content. You can manage cookies through your browser settings. Disabling cookies may affect parts of the website. Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. 10. Telehealth and online sessions We may deliver services via Halaxy Telehealth. If needed due to technical issues, we may use Zoom with security settings enabled (such as passwords and waiting rooms). We do not record telehealth sessions unless you provide express consent in writing. 11. Keeping information secure We use reasonable safeguards to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Safeguards may include: secure systems and access controls password protection and multi-factor authentication where available encrypted or protected platforms for storage and telehealth policies and training for anyone who works with us secure storage for any paper records, where used No method of transmission or storage is completely risk-free, but we take security seriously and review practices as needed. 12. Access, correction and requests You can request access to personal information we hold about you and request corrections if you believe it is inaccurate, out of date, incomplete, irrelevant or misleading. To make a request, email NeuroNestCo@outlook.com . We may ask you to confirm your identity before releasing information. We aim to respond within a reasonable timeframe and, where practical, within 30 days. 13. Keeping information and deleting it We keep records for as long as needed for service delivery and legal and professional obligations. As a general rule, we retain records for at least seven (7) years, or until the child turns 25 years of age, whichever is later, unless a longer period is required or authorised by law. When information is no longer needed, we take reasonable steps to securely destroy or de-identify it. 14. Data breaches If we become aware of a data breach involving personal information that is likely to cause serious harm, we will take reasonable steps to contain and assess the breach and notify affected individuals and relevant regulators as required (including under Australia’s Notifiable Data Breaches scheme and New Zealand’s privacy breach notification requirements, where applicable). 15. Anonymity and pseudonymity Where practical, you may contact us anonymously or using a pseudonym. However, for service delivery, billing, reporting, and legal compliance, we will usually need identifying information. 16. Complaints If you have a privacy concern or complaint, please contact us first at NeuroNestCo@outlook.com . We will consider your complaint and aim to respond within a reasonable timeframe. If you are not satisfied with our response, you can contact: Office of the Australian Information Commissioner Office of the Privacy Commissioner (New Zealand) 17. Changes to this policy We may update this Privacy Policy from time to time. The updated version will be published on our website with a new effective date.